I provide desktop support for a start-up company. The company owns a few pharmacies in the area. Each pharmacy has at least 3-5 computers, and they are connected to the internet to receive/transmit medical and patient data through software. Right now they are being protected by a router along with Symantec Norton Business class acting as firewall and anti-virus.
My question, and where we require assistance, is: is this sufficient for HIPAA/ePHI compliance? Multiple Google searches provide only very broad and vague information on HIPAA rules & regulations. Do we require hardware firewalls in conjunction with a software firewall/anti-virus? Does anyone have experience in this field, or can anyone provide some concrete info in this area?
Thanks in advance.